EU GENERAL DATA PROTECTION REGULATION

Everything you have to know in a single page

What is GDPR?

A new law that regulates how information on individuals in the European Union is collected, used and retained (in short – GDPR).

Is GDPR important for me?

Yes, if you collect, use or retain any information on your clients, employees, targets of advertisements, web page users, visitors, patients, students, other individuals or use CCTV cameras.

What is the risk if I do not follow GDPR?

Fines up to 20 million euros or 4% of the total worldwide annual turnover.

What does it mean to follow GDPR?

  • Adhere to the principles of data use (define why you use the data, use as little data as possible, keep the data for as short a time as possible, have a legal basis for the data, ensure that the data is technically secure, etc.) – all your employees are responsible for this matter.

  • Adhere to procedures (handling people's requests for their data, handling data security breaches, disclosing data, informing people how you use their data, assessing the impact on data protection, etc.) – this is the specific responsibility of the data protection officer or another specialist.

What is new with GDPR?

  • Data protection officer: most companies and institutions have to appoint an employee in charge of data protection or an external counsel.

  • Data breach notifications: in case of a data leak or other incident, you will have to urgently notify a data protection authority and the affected individuals.

  • Data protection impact assessment: when developing IT systems and planning new activities, you will have to check whether they comply with data protection requirements. Regulatory notifications will not be needed anymore.

  • Stricter requirements for consent: you have to simplify the consent forms you use for data collection, separate consents from contracts and keep proof of consents.

  • Stricter requirements for service providers: you have to increase control over IT, accountancy, marketing and other service providers, and detail their data protection duties in the contracts with them.

  • Data portability: on request, you will have to export for individuals, in a user-friendly format, the information you have collected from them.

  • Data processing records: you have to maintain records of the data your company or institution uses, describing what personal data you use and how you do so.

  • Prior consultations with a data protection authority: if you see that your planned IT systems and activities raise a data protection issue, you will have to contact a data protection authority. The data protection authority will have to advise you.

  • One stop shop supervision: international groups usually have to communicate with a supervisory authority only in one EU member state.

  • Transfer of personal data to third countries: when personal data are transferred from the Union to controllers, processors or other recipients in third countries, the transfer may only be carried out in full compliance with GDPR.

How can I implement GDPR?

  • Perform a GDPR compliance audit

  • Implement GDPR procedures and documentation packages

  • Assign a data protection officer

  • Provide GDPR training for the personnel of your company or institution

Who can take care of everything for me in a professional manner?

DATAISTIC – your One-Stop Shop for EU GDPR Compliance.

This factsheet is provided for information purposes and as a summary. For more information or data protection advice, please inquire via www.dataprotection.lt.